author | José Bollo <jose.bollo@iot.bzh> | 2017-03-17 11:17:36 +0100 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2017-03-17 12:59:16 +0100 |
commit | 863bf1c6b4e10176edf8b26a9703109ab8db2c43 (patch) | |
tree | 3c725135eaf7b284a18ef6e83285692e7fb0d476 /src | |
parent | 59c4af98b761d0f11514e9080a46a32bb440ebc0 (diff) |
Fix issue in labelling files [x-last-without-systemd]
The current version of security manager puts these tags:

- SECURITY_MANAGER_PATH_PRIVATE
- SECURITY_MANAGER_PATH_RW
    User::App::XXXX
- SECURITY_MANAGER_PATH_PUBLIC
- SECURITY_MANAGER_PATH_RO
    User::Home
- SECURITY_MANAGER_PATH_PUBLIC_RO
    _ (underscore or floor)

Putting floor is bad because it produces
files and directories that can't be removed.

Using SECURITY_MANAGER_PATH_RO instead of
SECURITY_MANAGER_PATH_PUBLIC_RO sets the
label "User::Home". It is valid because this
label is already read only for applications.
But it is writable by the "System" labelled
services, as opposed to "_".
Change-Id: I685fe366fddb95858c66b827e28acf6d005bcfc0
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'src')
-rw-r--r-- | src/secmgr-wrap.c | 2 |
-rw-r--r-- | src/simulation/security-manager.h | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/src/secmgr-wrap.c b/src/secmgr-wrap.c index 1b60ac4..ad550ba 100644 --- a/src/secmgr-wrap.c +++ b/src/secmgr-wrap.c @@ -117,7 +117,7 @@ static int addpath(const char *pathname, enum app_install_path_type type) int secmgr_path_public_read_only(const char *pathname) { - return addpath(pathname, SECURITY_MANAGER_PATH_PUBLIC_RO); + return addpath(pathname, SECURITY_MANAGER_PATH_RO); } int secmgr_path_read_only(const char *pathname) diff --git a/src/simulation/security-manager.h b/src/simulation/security-manager.h index 36b1b32..d7ea57c 100644 --- a/src/simulation/security-manager.h +++ b/src/simulation/security-manager.h @@ -25,9 +25,11 @@ enum lib_retcode { SECURITY_MANAGER_ERROR_ACCESS_DENIED }; enum app_install_path_type { + SECURITY_MANAGER_PATH_PRIVATE, + SECURITY_MANAGER_PATH_PUBLIC, SECURITY_MANAGER_PATH_PUBLIC_RO, + SECURITY_MANAGER_PATH_RW, SECURITY_MANAGER_PATH_RO, - SECURITY_MANAGER_PATH_RW }; typedef void app_inst_req; static int diese = 0; |
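Review bot: In secmgr_path_public_read_only() in src/secmgr-wrap.c, the function name and the constant it passes now disagree, and nothing in the code says why. The new line `return addpath(pathname, SECURITY_MANAGER_PATH_RO);` is intentional according to the commit message (the "_" label produces files and directories that can't be removed), but a later reader could take it for a typo and restore SECURITY_MANAGER_PATH_PUBLIC_RO. Add a short comment above the return saying that SECURITY_MANAGER_PATH_RO is used on purpose so the path is labelled "User::Home", and that this leaves the path writable by "System" labelled services, which a caller of a function named public_read_only may not expect.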
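Review bot: In enum app_install_path_type in src/simulation/security-manager.h, inserting SECURITY_MANAGER_PATH_PRIVATE and SECURITY_MANAGER_PATH_PUBLIC at the top and moving SECURITY_MANAGER_PATH_RW above SECURITY_MANAGER_PATH_RO renumbers every existing enumerator: SECURITY_MANAGER_PATH_PUBLIC_RO goes from 0 to 2, SECURITY_MANAGER_PATH_RO from 1 to 4 and SECURITY_MANAGER_PATH_RW from 2 to 3. The commit message does not mention this header change. If the new order is meant to track the real security-manager header, say so in a comment on the enum; either way, anything that stored or compared the old numeric values has to be rebuilt against this header. The trailing comma left in `SECURITY_MANAGER_PATH_RO,` is accepted in C99 but is not valid C89, so drop it if the project still builds in that mode.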